Linkedin Phishing Scam

LinkedIn Phishing Scam | Malware

New LinkedIn Phishing scam

Receiving a LinkedIn message from a recruiter offering you the job of a lifetime may sound like a dream, but for victims of the new Ducktail malware, it can quickly turn into a nightmare.

Cybercriminals are ramping up their impersonation game, posing as HR talent scouts on LinkedIn to trick professionals into downloading dangerous software. To avoid losing control of your valuable data, you’ll need to be on the lookout for this new scam.

Are you dealing with a recruiter or a cybercriminal?

LinkedIn  has become the go-to social network  for professionals around the world, with 9 million registered profiles in South Africa. Naturally, recruiters have been keen to use this platform to reach out to suitable job candidates – and some of their overseas offerings can be very attractive.

Receiving a message asking you to consider a lucrative  job offer is always exciting. Unfortunately, online bad actors are jumping on the opportunity to defraud and steal data from prospective jobseekers.

A new scam on LinkedIn has seen professionals in several countries in Africa and the Middle East targeted by fake recruiters, losing control of their Facebook business accounts in the process.

  • The first step in the scan is always a LinkedIn message from someone posing as an HR specialist. The contents of the email will usually refer to a great job opportunity – most recently with a fashion brand in a desirable international city.
  • Once a job candidate shows interest by replying to the phishing message, the cybercriminal will usually reply and include a link which looks like it leads to an online application form. In reality, clicking on this link will download the Ducktail malware onto their device.

Victims of Ducktail soon discover that their Facebook business accounts have been hijacked, with customer data including credit card and banking details being prime targets.

Always verify before you share your details

If you receive a recruiting message on a platform like LinkedIn, it’s essential to make sure that the person who sent it is legitimate.

  • Cross-checking the recruiter’s identity on their company website is one way of verifying their identity.
  • For local recruiters, calling them on the number provided on the website – and not the number in the email – is a sure way to find out whether you are speaking to the genuine person or an imposter.

Malware, ransomware, and other types of cybercrime are a major risk for every business and professional.

Keeping your data safe with our range of secure cloud storage packages. It’s your virtual insurance policy against cybercriminals.